Thanks to everyone who has replied, especially Bryan. Now I have enough
information to start working on it. See you guys soon.

- Raihan.

On Wed, Feb 11, 2009 at 6:26 AM, Ed Morgan <ejr.mor...@gmail.com> wrote:
> I've been following this thread with interest as I'm looking to make the
> switch from Windows sysadmin (at enterprise level) to Linux, and I've been
> struggling to get decent advice on LDAP integration.
>
> Many thanks Bryan.
>
> /Ed
>
> 2009/2/10 Bryan Smith <bryansmit...@gmail.com>
>>
>> First, what are the specs on this ldap server...SMP? how much RAM? How
>> many users do you want to go into it? Will they need to run cron jobs?
>>
>> There is no such thing as a really easy way to accomplish this. You can
>> follow tutorials and howto's but when things don't work, as they should,
>> such as users not being able to change passwords and incorrect password
>> hashes being used...you're going to have to learn about a lot of things.
>> Truthfully, being a newbie to ldap and thinking you'll get it all going
>> just by reading a howto is a bit misguided as far as ldap is concerned.
>> Having prior experience working with a directory is only good if you
>> know what is actually going on at the attribute/object level.
>>
>> I'm currently managing an openldap deployment with
>> replication (slurpd) (Debian Etch of course) with over 1002 users in
>> it (growing daily). Users can log into any number of FreeBSD, OSX, Linux
>> or Windows clients. Anything that can authenticate against ldap is fair
>> play on the network...even firewall rules do ldap lookups.
>>
>> I have never seen a true complete openldap howto, the ones I've seen get
>> you going, but ldap is a different animal all to itself. This is no ftp
>> server or trivial daemon...ldap requires a lot of hands on and more
>> error than trial. If you are not making mistakes then you aren't learning.
>>
>> You will need a way to administrate the ldap directory, once you get it
>> installed. I prefer command line, but beginners usually grab a gui.
>> There is a large disadvantage to using the gui. You don't really learn
>> how your tree is arranged and the correct syntax to search only a
>> certain ou or dc. You just click and search...that leaves large holes in
>> your knowledge base. BTW there is no ldap gui...just ldap command line
>> utilities. This is worlds away from administration on Windows or Mac,
>> which is fairly simple.
>>
>> You need the following Debian/Ubuntu packages:
>>
>> nscd, libnss-ldap, libpam-ldap, slapd, migrationtools, ldap-utils,
>> libnet-ldap-perl(optional), phpldapadmin(optional), ldapvi(optional)
>>
>> NSCD is a name service caching daemon, which will keep your ldap server
>> from being destroyed by constant queries once ldap is enabled. Once you
>> enable ldap in pam anything you can think of queries the server...cron,
>> ls, cd, everything. Finding a sane config for NSCD is hard at
>> best...some needed options aren't even in the man page LOL. Even still
>> NSCD can nearly destroy your system if something goes awry...it'll use
>> 99% cpu in a heartbeat.
>>
>> libnss-ldap and libpam-ldap help get users info from the system to the
>> server and allow users to log in. libpam-ldap is the main thing needed
>> on clients to call an ldap server and allow logins.
>>
>> slapd...openldap server
>>
>> migrationtools are essential to get data from local files into the ldap
>> server
>>
>> ldap-utils are various utilities that will surely discourage you from
>> learning how to use them initially. They are essential, but require tons
>> of repetition before you learn them...ldapmodify is "fun"
>>
>> libnet-ldap-perl has little scripts that add/remove unix accounts to
>> ldap by just using adduser/deluser instead of merely in the local files.
>> There are also other scripts that do various things. Realize that once
>> you enable ldap...you'll have to add users with ldapadd or else it'll
>> just be a local login (unless you use libnet-ldap-perl or another script)
>>
>> phpldapadmin just a super easy web gui that will make managing users
>> much easier, but it'll keep you from learning the hard stuff
>>
>> ldapvi is a sexy ldap administrator that uses a vi interface, though it
>> is not for the timid. If you don't know vi or ldap, don't even blink at
>> it.
>>
>> Read these and see if you come up with something...ask the group when
>> you have questions, but please try to install it FIRST then ask
>> questions. This email is so long I should have made a howto...maybe
>> sometime later.
>>
>> http://www.linux.com/feature/40983
>> http://www.securityfocus.com/infocus/1563
>>
>> Bryan
>>
>> Raihan Hasnain Rahman wrote:
>> | I want to set up a Linux Server (preferably Ubuntu Server) for Windows
>> | and Mac clients. The users should be able to login using their username
>> | and password from any Windows or Mac workstations.
>> |
>> | I have implemented Open Directory (OS X server) before, and am familiar
>> | with Active Directory. But I have almost no idea about Unix systems. I
>> | know there's OpenLDAP, but I need an easier solution.
>> |
>> | Right now I need a tutorial or walkthrough which will guide me to set up
>> | the whole system.
>> |
>> | Thanks in advance.
>> |
>> | |
>>
>> - --
>> A healthy diet includes Linux, Linux and more Linux.